package com.day.cq.wcm.core.impl.servlets;

import com.day.cq.commons.servlets.AbstractPredicateServlet;
import com.day.cq.commons.servlets.HtmlStatusResponseHelper;
import com.day.cq.i18n.I18n;
import com.day.cq.security.util.CqActions;
import com.day.cq.wcm.api.Page;
import com.day.cq.wcm.core.impl.components.EditContextServlet;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.servlet.ServletException;
import org.apache.commons.collections.Predicate;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.HtmlResponse;
import org.apache.sling.commons.json.JSONArray;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@SlingServlet(resourceTypes = {"sling/servlet/default"}, selectors = {"pagepermissions"}, extensions = {"conf", EditContextServlet.EXTENSION}, methods = {"POST", "GET"})
/* loaded from: input_file:com/day/cq/wcm/core/impl/servlets/PagePermissionsServlet.class */
public class PagePermissionsServlet extends AbstractPredicateServlet {
    // Serialization version identifier.
    private static final long serialVersionUID = -3543049910505044536L;
    // Class logger. Nothing in the class as shown writes to it, so permission
    // changes made through doPost leave no servlet-level log entry.
    private static final Logger log = LoggerFactory.getLogger(PagePermissionsServlet.class);
    // Request parameter selecting the POST operation; compared with the POST_ACTIONS names.
    private static final String ACTION_PARAM = "action";
    // Request parameter naming the principal, and the matching key in JSON input/output.
    private static final String DATA_PRINCIPAL_NAME = "principalName";
    // Request parameter carrying the JSON changelog, and the key of the JSON reply to "edit".
    private static final String DATA_PRIVILEGE_CHANGE_LOG = "changelog";
    // Action names reported per principal by getActualChangeLogData.
    private static final String DATA_PRIVILEGE_READ = "read";
    private static final String DATA_PRIVILEGE_MODIFY = "modify";
    private static final String DATA_PRIVILEGE_DELETE = "delete";
    private static final String DATA_PRIVILEGE_REPLICATE = "replicate";
    private static final String DATA_PRIVILEGE_CREATE = "create";
    // JSON key holding a principal's privileges (array on input, object on output).
    private static final String DATA_PRIVILEGE_PRIVILEGES = "privileges";

    /* loaded from: input_file:com/day/cq/wcm/core/impl/servlets/PagePermissionsServlet$POST_ACTIONS.class */
    /**
     * Operations accepted in the {@code action} parameter of a POST.
     *
     * <p>doPost compares the raw parameter with each constant's {@code toString()}, so the
     * match is case-sensitive and any other value is answered with "Unsupported operation".
     */
    private enum POST_ACTIONS {
        // Install the actions listed in the changelog for each listed principal.
        add,
        // Remove each listed principal's existing entries, then install the changelog's actions.
        edit,
        // Remove the entries of the principal named by the principalName parameter.
        remove
    }

    /**
     * Writes a JSON object describing which actions a named principal is allowed on a page:
     * {@code {"principalName": ..., "privileges": {"<action>": "allow", ...}}}.
     *
     * <p>The page is the request resource adapted to {@link Page}, or, when a {@code path}
     * parameter is present, the resource at that path resolved with the request's own
     * resource resolver. All repository access goes through the session adapted from that
     * resolver, i.e. the caller's session; this method performs no permission check of its own.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The servlet is registered for {@code sling/servlet/default} with the
     *       {@code pagepermissions} selector, so it can be addressed on any resource path, and
     *       the {@code path} parameter lets the caller point it at a different page than the
     *       one requested. The {@code predicate} argument is not used.</li>
     *   <li>Any caller who can reach the page can ask about any principal name. An unknown name
     *       makes getPrincipal throw a RepositoryException whose message (including the
     *       supplied name) is returned to the client, so the reply differs for existing and
     *       non-existing principals. NOTE(review): whether that is an enumeration concern
     *       depends on what the principal manager exposes to this session - confirm.</li>
     *   <li>Repository exception messages are forwarded to the client unchanged, and an
     *       access-denied condition is reported as 401 rather than 403.</li>
     *   <li>Each early-exit status response is sent twice (see the inline notes).</li>
     * </ul>
     *
     * @param slingHttpServletRequest  request carrying {@code principalName} and optional {@code path}
     * @param slingHttpServletResponse response receiving the JSON or an HTML status response
     * @param predicate                unused here
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, Predicate predicate) throws ServletException, IOException {
        // Never assigned below; the "if (0 != 0)" blocks that reference it are dead code
        // (presumably what a decompiler left of a finally block).
        HtmlResponse htmlResponse = null;
        Resource resource = slingHttpServletRequest.getResource();
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        try {
            try {
                try {
                    try {
                        Page page = (Page) resource.adaptTo(Page.class);
                        String parameter = slingHttpServletRequest.getParameter(DATA_PRINCIPAL_NAME);
                        // The null test is redundant: StringUtils.isEmpty already covers null.
                        if (parameter == null || StringUtils.isEmpty(parameter)) {
                            HtmlResponse createStatusResponse = HtmlStatusResponseHelper.createStatusResponse(400, "Principal name is not found");
                            // NOTE(review): sent twice, first with the flag false and then with
                            // true; the null check after the first send can never fail. This
                            // looks like a try/finally flattened by the decompiler - confirm
                            // against the shipped class before relying on the exact output.
                            createStatusResponse.send(slingHttpServletResponse, false);
                            if (createStatusResponse != null) {
                                createStatusResponse.send(slingHttpServletResponse, true);
                                return;
                            }
                            return;
                        }
                        // Optional override of the target page, taken from the client as-is and
                        // resolved with the caller's resolver.
                        String parameter2 = slingHttpServletRequest.getParameter("path");
                        if (parameter2 != null) {
                            Resource resource2 = resourceResolver.getResource(parameter2);
                            if (resource2 == null) {
                                // The 404 names the request resource's path, not the path parameter.
                                HtmlResponse createStatusResponse2 = HtmlStatusResponseHelper.createStatusResponse(404, "Not Found", resource.getPath());
                                createStatusResponse2.send(slingHttpServletResponse, false);
                                if (createStatusResponse2 != null) {
                                    createStatusResponse2.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                            page = (Page) resource2.adaptTo(Page.class);
                        }
                        // Reached when the chosen resource does not adapt to a Page.
                        if (page == null) {
                            HtmlResponse createStatusResponse3 = HtmlStatusResponseHelper.createStatusResponse(404, "Not Found", resource.getPath());
                            createStatusResponse3.send(slingHttpServletResponse, false);
                            if (createStatusResponse3 != null) {
                                createStatusResponse3.send(slingHttpServletResponse, true);
                                return;
                            }
                            return;
                        }
                        // The caller's own JCR session; not checked for null before use.
                        Session session = (Session) resourceResolver.adaptTo(Session.class);
                        // Throws RepositoryException (message contains the supplied name) when
                        // the principal is unknown; handled by the catch further down.
                        Principal principal = getPrincipal(parameter, session);
                        CqActions cqActions = new CqActions(session);
                        slingHttpServletResponse.setContentType("application/json");
                        slingHttpServletResponse.setCharacterEncoding("utf-8");
                        JSONObject jSONObject = new JSONObject();
                        // The client-supplied name is echoed back as a JSON value.
                        jSONObject.put(DATA_PRINCIPAL_NAME, parameter);
                        Collection allowedActions = cqActions.getAllowedActions(page.getPath(), Collections.singleton(principal));
                        JSONObject jSONObject2 = new JSONObject();
                        Iterator it = allowedActions.iterator();
                        while (it.hasNext()) {
                            // Only allowed actions are listed; anything absent is not reported.
                            jSONObject2.put((String) it.next(), "allow");
                        }
                        jSONObject.put(DATA_PRIVILEGE_PRIVILEGES, jSONObject2);
                        jSONObject.write(slingHttpServletResponse.getWriter());
                        if (0 != 0) {
                            htmlResponse.send(slingHttpServletResponse, true);
                        }
                    } catch (PathNotFoundException e) {
                        // Repository message goes to the client verbatim.
                        HtmlResponse createStatusResponse4 = HtmlStatusResponseHelper.createStatusResponse(404, e.getMessage());
                        if (createStatusResponse4 != null) {
                            createStatusResponse4.send(slingHttpServletResponse, true);
                        }
                    }
                } catch (JSONException e2) {
                    HtmlResponse createStatusResponse5 = HtmlStatusResponseHelper.createStatusResponse(false, e2.getMessage());
                    if (createStatusResponse5 != null) {
                        createStatusResponse5.send(slingHttpServletResponse, true);
                    }
                }
            } catch (AccessDeniedException e3) {
                // NOTE(review): 401 means "authenticate"; a denied but authenticated caller
                // would normally get 403. The repository message is returned verbatim.
                HtmlResponse createStatusResponse6 = HtmlStatusResponseHelper.createStatusResponse(401, e3.getMessage());
                if (createStatusResponse6 != null) {
                    createStatusResponse6.send(slingHttpServletResponse, true);
                }
            } catch (RepositoryException e4) {
                // Also the path taken for an unknown principal name; the message, which then
                // contains that name, is returned to the client.
                HtmlResponse createStatusResponse7 = HtmlStatusResponseHelper.createStatusResponse(false, e4.getMessage());
                if (createStatusResponse7 != null) {
                    createStatusResponse7.send(slingHttpServletResponse, true);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                htmlResponse.send(slingHttpServletResponse, true);
            }
            throw th;
        }
    }

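    /**
     * Changes the access control entries of a page for one or more principals.
     *
     * <p>Request parameters:
     * <ul>
     *   <li>{@code action} - one of the {@code POST_ACTIONS} names (required);</li>
     *   <li>{@code path} - optional page path; when absent the request resource is used;</li>
     *   <li>{@code principalName} - the principal whose entries {@code remove} deletes;</li>
     *   <li>{@code changelog} - JSON array parsed by readChangelog, required for
     *       {@code add} and {@code edit}.</li>
     * </ul>
     *
     * <p>{@code add} and {@code remove} answer with an HTML status response; {@code edit}
     * answers with JSON describing the resulting actions of the edited principals.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>Every repository call uses the session adapted from the request's resource
     *       resolver, i.e. the caller's session. The method makes no permission check of its
     *       own, so rejecting callers who may not modify access control is left entirely to
     *       the repository.</li>
     *   <li>This is a state-changing POST, registered for {@code sling/servlet/default} with
     *       the {@code pagepermissions} selector and therefore addressable on any resource
     *       path. No CSRF token or origin check is visible in this class; that protection has
     *       to come from a request filter in front of it - confirm it is active.</li>
     *   <li>{@code edit} is not atomic: the existing entries of each principal are removed
     *       and saved before the new actions are installed. A failure in between leaves those
     *       principals without their previous entries. If the removed entries were deny
     *       entries, the intermediate (or left-over) state grants more than before.</li>
     *   <li>For {@code add} and {@code edit} the principals are taken from the changelog, not
     *       from {@code principalName}; every principal named there is modified.</li>
     *   <li>Repository exception messages are forwarded to the client unchanged.</li>
     *   <li>Each early-exit status response is sent twice (flag false, then true), which looks
     *       like a try/finally flattened by the decompiler; left as found.</li>
     * </ul>
     *
     * @param slingHttpServletRequest  request carrying the parameters above
     * @param slingHttpServletResponse response receiving the status response or JSON
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        HtmlResponse htmlResponse = null;
        Resource resource = slingHttpServletRequest.getResource();
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        try {
            try {
                try {
                    try {
                        // The caller's own JCR session; not checked for null before use.
                        Session session = (Session) resourceResolver.adaptTo(Session.class);
                        Page page = (Page) resource.adaptTo(Page.class);
                        String parameter = slingHttpServletRequest.getParameter(DATA_PRINCIPAL_NAME);
                        // Optional override of the target page, taken from the client as-is.
                        String parameter2 = slingHttpServletRequest.getParameter("path");
                        if (parameter2 != null) {
                            Resource resource2 = resourceResolver.getResource(parameter2);
                            if (resource2 == null) {
                                HtmlResponse createStatusResponse = HtmlStatusResponseHelper.createStatusResponse(404, I18n.get(slingHttpServletRequest, "Not Found"), resource.getPath());
                                createStatusResponse.send(slingHttpServletResponse, false);
                                if (createStatusResponse != null) {
                                    createStatusResponse.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                            page = (Page) resource2.adaptTo(Page.class);
                        }
                        if (page == null) {
                            HtmlResponse createStatusResponse2 = HtmlStatusResponseHelper.createStatusResponse(404, I18n.get(slingHttpServletRequest, "Not Found"), resource.getPath());
                            createStatusResponse2.send(slingHttpServletResponse, false);
                            if (createStatusResponse2 != null) {
                                createStatusResponse2.send(slingHttpServletResponse, true);
                                return;
                            }
                            return;
                        }
                        String parameter3 = slingHttpServletRequest.getParameter(ACTION_PARAM);
                        if (parameter3 == null) {
                            HtmlResponse createStatusResponse3 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "Action parameter is not specified."));
                            createStatusResponse3.send(slingHttpServletResponse, false);
                            if (createStatusResponse3 != null) {
                                createStatusResponse3.send(slingHttpServletResponse, true);
                                return;
                            }
                            return;
                        }
                        // principalName is only mandatory for "remove"; the other actions take
                        // their principals from the changelog.
                        if (parameter == null && POST_ACTIONS.remove.toString().equals(parameter3)) {
                            HtmlResponse createStatusResponse4 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "Principal is not found"));
                            createStatusResponse4.send(slingHttpServletResponse, false);
                            if (createStatusResponse4 != null) {
                                createStatusResponse4.send(slingHttpServletResponse, true);
                                return;
                            }
                            return;
                        }
                        String parameter4 = slingHttpServletRequest.getParameter(DATA_PRIVILEGE_CHANGE_LOG);
                        CqActions cqActions = new CqActions(session);
                        if (POST_ACTIONS.add.toString().equals(parameter3)) {
                            if (StringUtils.isEmpty(parameter4)) {
                                HtmlResponse createStatusResponse5 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "No privileges to add."));
                                createStatusResponse5.send(slingHttpServletResponse, false);
                                if (createStatusResponse5 != null) {
                                    createStatusResponse5.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                            Map<String, Map<String, Boolean>> readChangelog = readChangelog(parameter4);
                            // "Unknown privileges." is only reported when nothing usable was
                            // parsed; individual action names are not checked here.
                            if (readChangelog.isEmpty()) {
                                HtmlResponse createStatusResponse6 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "Unknown privileges."));
                                createStatusResponse6.send(slingHttpServletResponse, false);
                                if (createStatusResponse6 != null) {
                                    createStatusResponse6.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                            for (String str : readChangelog.keySet()) {
                                Principal principal = getPrincipal(str, session);
                                cqActions.installActions(page.getPath(), principal, readChangelog.get(str), cqActions.getAllowedActions(page.getPath(), Collections.singleton(principal)));
                            }
                            htmlResponse = HtmlStatusResponseHelper.createStatusResponse(true, I18n.get(slingHttpServletRequest, "Added permissions."), page.getPath());
                        } else if (POST_ACTIONS.remove.toString().equals(parameter3)) {
                            removePrincipalPermissions(page, getPrincipal(parameter, session), session);
                            htmlResponse = HtmlStatusResponseHelper.createStatusResponse(true, I18n.get(slingHttpServletRequest, "Updated permissions."), page.getPath());
                        } else if (!POST_ACTIONS.edit.toString().equals(parameter3)) {
                            htmlResponse = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "Unsupported operation"));
                        } else {
                            if (StringUtils.isEmpty(parameter4)) {
                                HtmlResponse createStatusResponse7 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "No changes in ACL list."));
                                createStatusResponse7.send(slingHttpServletResponse, false);
                                if (createStatusResponse7 != null) {
                                    createStatusResponse7.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                            Map<String, Map<String, Boolean>> readChangelog2 = readChangelog(parameter4);
                            if (readChangelog2.isEmpty()) {
                                HtmlResponse createStatusResponse8 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "Unknown privileges."));
                                createStatusResponse8.send(slingHttpServletResponse, false);
                                if (createStatusResponse8 != null) {
                                    createStatusResponse8.send(slingHttpServletResponse, true);
                                    return;
                                }
                                return;
                            }
                            // Typed list: the raw ArrayList could not be iterated as Principal
                            // nor passed to getActualChangeLogData without an unchecked conversion.
                            List<Principal> arrayList = new ArrayList<Principal>();
                            Iterator<String> it = readChangelog2.keySet().iterator();
                            while (it.hasNext()) {
                                Principal principal2 = getPrincipal(it.next(), session);
                                arrayList.add(principal2);
                                // Persists the removal immediately (the helper saves the session).
                                removePrincipalPermissions(page, principal2, session);
                            }
                            session.save();
                            // From here until the loop below completes, the edited principals
                            // have none of their previous entries on this page.
                            for (Principal principal3 : arrayList) {
                                // NOTE(review): the changelog is keyed by the name the client
                                // sent; if getName() returns a different spelling, the lookup
                                // yields null - confirm how installActions treats that.
                                cqActions.installActions(page.getPath(), principal3, readChangelog2.get(principal3.getName()), cqActions.getAllowedActions(page.getPath(), Collections.singleton(principal3)));
                            }
                            session.save();
                            slingHttpServletResponse.setContentType("application/json");
                            slingHttpServletResponse.setCharacterEncoding("utf-8");
                            // Read back from the page that was actually modified. The raw "path"
                            // parameter is null when the request addressed the page directly,
                            // which would have queried the policies of a null path instead.
                            getActualChangeLogData(session, page.getPath(), cqActions, arrayList).write(slingHttpServletResponse.getWriter());
                        }
                        if (session.hasPendingChanges()) {
                            session.save();
                        }
                        if (htmlResponse != null) {
                            htmlResponse.send(slingHttpServletResponse, true);
                        }
                    } catch (JSONException e) {
                        // Malformed changelog; the parser's message is not exposed.
                        HtmlResponse createStatusResponse9 = HtmlStatusResponseHelper.createStatusResponse(400, I18n.get(slingHttpServletRequest, "Wrong request parameters"));
                        if (createStatusResponse9 != null) {
                            createStatusResponse9.send(slingHttpServletResponse, true);
                        }
                    }
                } catch (RepositoryException e2) {
                    // Covers access-denied and unknown-principal failures as well; the
                    // repository message is returned to the client verbatim.
                    HtmlResponse createStatusResponse10 = HtmlStatusResponseHelper.createStatusResponse(false, e2.getMessage());
                    if (createStatusResponse10 != null) {
                        createStatusResponse10.send(slingHttpServletResponse, true);
                    }
                }
            } catch (UnsupportedRepositoryOperationException e3) {
                // NOTE(review): shadowed - this type is a RepositoryException and is already
                // caught by the inner handler, so the 401 mapping is never reached as the
                // handlers are nested here. Confirm the intended order against the shipped class.
                HtmlResponse createStatusResponse11 = HtmlStatusResponseHelper.createStatusResponse(401, e3.getMessage());
                if (createStatusResponse11 != null) {
                    createStatusResponse11.send(slingHttpServletResponse, true);
                }
            }
        } catch (Throwable th) {
            // Dead branch left by the decompiler; the Throwable is rethrown unchanged.
            if (0 != 0) {
                htmlResponse.send(slingHttpServletResponse, true);
            }
            throw th;
        }
    }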

    /**
     * Builds the JSON reply to an edit: {@code {"changelog": [{"principalName": ...,
     * "privileges": {"read": bool, "modify": bool, "delete": bool, "replicate": bool,
     * "create": bool}}, ...]}}.
     *
     * <p>The {@code privileges} object of a principal stays empty when getActions finds no
     * access control entry for it at the path.
     *
     * @param session   session whose access control manager is queried
     * @param str       repository path whose policies are inspected
     * @param cqActions helper used by getActions to compute the allowed actions
     * @param list      principals to report, in output order
     * @return the assembled JSON object
     * @throws RepositoryException if the repository cannot be queried
     * @throws JSONException       if a value cannot be stored in the JSON structure
     */
    private JSONObject getActualChangeLogData(Session session, String str, CqActions cqActions, List<Principal> list) throws RepositoryException, JSONException {
        final String[] reportedActions = {
            DATA_PRIVILEGE_READ,
            DATA_PRIVILEGE_MODIFY,
            DATA_PRIVILEGE_DELETE,
            DATA_PRIVILEGE_REPLICATE,
            DATA_PRIVILEGE_CREATE
        };
        JSONObject result = new JSONObject();
        JSONArray entries = new JSONArray();
        AccessControlManager acm = session.getAccessControlManager();
        for (Principal current : list) {
            String principalName = current.getName();
            JSONObject entry = new JSONObject();
            JSONObject privileges = new JSONObject();
            entry.put(DATA_PRINCIPAL_NAME, principalName);
            Collection<String> granted = getActions(acm, str, principalName, cqActions);
            if (granted != null) {
                // One boolean per reported action, in the fixed order above.
                for (String action : reportedActions) {
                    privileges.put(action, granted.contains(action));
                }
            }
            entry.put(DATA_PRIVILEGE_PRIVILEGES, privileges);
            entries.put(entry);
        }
        result.put(DATA_PRIVILEGE_CHANGE_LOG, entries);
        return result;
    }

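    /**
     * Returns the actions allowed for a principal at a path, provided the policies bound at
     * that path contain an entry for the principal.
     *
     * <p>The policies are iterated as {@link AccessControlPolicy} and only those that are
     * access control lists are inspected; declaring the loop variable as AccessControlList
     * did not match the element type returned by {@code getPolicies} and made the
     * {@code instanceof} guard meaningless.
     *
     * <p>Entries are matched by principal name, whereas removePrincipalPermissions matches
     * with {@code Principal.equals}. NOTE(review): confirm both select the same entries for
     * the principal implementations in use.
     *
     * @param accessControlManager manager used to read the policies
     * @param str                  repository path whose policies are read
     * @param str2                 principal name to look for; must not be null
     * @param cqActions            helper that computes the allowed actions
     * @return the allowed actions of the first matching entry's principal, or {@code null}
     *         when no entry names the principal
     * @throws RepositoryException if the policies cannot be read
     */
    private Collection<String> getActions(AccessControlManager accessControlManager, String str, String str2, CqActions cqActions) throws RepositoryException {
        for (AccessControlPolicy policy : accessControlManager.getPolicies(str)) {
            if (!(policy instanceof AccessControlList)) {
                continue;
            }
            for (AccessControlEntry accessControlEntry : ((AccessControlList) policy).getAccessControlEntries()) {
                Principal entryPrincipal = accessControlEntry.getPrincipal();
                if ((accessControlEntry instanceof JackrabbitAccessControlEntry) && entryPrincipal != null && str2.equals(entryPrincipal.getName())) {
                    return cqActions.getAllowedActions(str, Collections.singleton(entryPrincipal));
                }
            }
        }
        // Callers treat null as "no entry for this principal".
        return null;
    }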

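    /**
     * Removes every access control entry of the given principal from the access control
     * lists bound at the page's path and persists the change.
     *
     * <p>The policies are iterated as {@link AccessControlPolicy} and cast only after the
     * {@code instanceof} check; declaring the loop variable as AccessControlList did not match
     * the element type returned by {@code getPolicies}.
     *
     * <p>Security notes for reviewers: both allow and deny entries are removed, so dropping a
     * principal's deny entries can widen its effective access through group membership or
     * inherited policies. {@code session.save()} is called here for each modified list, which
     * also persists any other pending change of the session and means the removal cannot be
     * rolled back by the caller if a later step fails.
     *
     * @param page      page whose policies are modified
     * @param principal principal whose entries are removed; compared with {@code equals}
     * @param session   session used to read, write and save the policies
     * @throws RepositoryException if the policies cannot be read, changed or saved
     */
    private void removePrincipalPermissions(Page page, Principal principal, Session session) throws RepositoryException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        String pagePath = page.getPath();
        for (AccessControlPolicy policy : accessControlManager.getPolicies(pagePath)) {
            if (!(policy instanceof AccessControlList)) {
                continue;
            }
            AccessControlList accessControlList = (AccessControlList) policy;
            boolean changed = false;
            for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                if (principal.equals(accessControlEntry.getPrincipal())) {
                    accessControlList.removeAccessControlEntry(accessControlEntry);
                    changed = true;
                }
            }
            if (changed) {
                // Write the list back only when something was removed.
                accessControlManager.setPolicy(pagePath, accessControlList);
                session.save();
            }
        }
    }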

    /**
     * Looks up a principal by name through the session's principal manager.
     *
     * <p>The session is cast to {@link JackrabbitSession} without a type check. The exception
     * message contains the requested name, and doGet/doPost pass repository exception
     * messages on to the client, so a caller-supplied name is reflected in the error reply.
     *
     * @param str     principal name to resolve
     * @param session session providing the principal manager
     * @return the principal, never {@code null}
     * @throws RepositoryException if no principal has that name or the lookup fails
     */
    private static Principal getPrincipal(String str, Session session) throws RepositoryException {
        JackrabbitSession jackrabbitSession = (JackrabbitSession) session;
        Principal resolved = jackrabbitSession.getPrincipalManager().getPrincipal(str);
        if (resolved != null) {
            return resolved;
        }
        throw new RepositoryException("Principal not found for principal name: " + str);
    }

    /**
     * Parses the client-supplied changelog, a JSON array of
     * {@code {"principalName": ..., "privileges": [{"name": ..., "value": bool}, ...]}}
     * objects, into a map from principal name to its action flags, in input order.
     *
     * <p>Entries without a principal name, without privileges or with an empty privileges
     * array are skipped silently, as are privilege items lacking a name or a value. A
     * principal name that occurs more than once keeps only its last entry.
     *
     * <p>Action names are taken from the request as they are; nothing here limits them to
     * known values. NOTE(review): whatever consumes the map (CqActions.installActions in
     * doPost) is the only place left to reject unexpected names - confirm it does.
     *
     * @param str JSON text of the changelog
     * @return principal name to (action name to flag); empty when nothing usable was found
     * @throws JSONException if the text is not a JSON array of the expected shape
     */
    private static Map<String, Map<String, Boolean>> readChangelog(String str) throws JSONException {
        JSONArray entries = new JSONArray(str);
        Map<String, Map<String, Boolean>> byPrincipal = new LinkedHashMap<String, Map<String, Boolean>>();
        for (int entryIndex = 0; entryIndex < entries.length(); entryIndex++) {
            JSONObject entry = entries.getJSONObject(entryIndex);
            if (entry.isNull(DATA_PRINCIPAL_NAME)) {
                continue;
            }
            String principalName = entry.getString(DATA_PRINCIPAL_NAME);
            if (entry.isNull(DATA_PRIVILEGE_PRIVILEGES)) {
                continue;
            }
            JSONArray privileges = entry.getJSONArray(DATA_PRIVILEGE_PRIVILEGES);
            if (privileges.length() == 0) {
                continue;
            }
            Map<String, Boolean> flags = new HashMap<String, Boolean>();
            for (int privilegeIndex = 0; privilegeIndex < privileges.length(); privilegeIndex++) {
                JSONObject privilege = privileges.getJSONObject(privilegeIndex);
                if (privilege.isNull("name") || privilege.isNull("value")) {
                    continue;
                }
                flags.put(privilege.getString("name"), privilege.getBoolean("value"));
            }
            // Stored even when every item was skipped, as long as the array was non-empty.
            byPrincipal.put(principalName, flags);
        }
        return byPrincipal;
    }
}
